6.4

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2013-4497

GHSA ID

GHSA-27q4-38qf-m25h

EPSS Score

0.2749%

CWE

Published

5/17/2022

Updated

5/14/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2013-4497

CVE-2013-4497: OpenStack Compute Nova Improper Access Control

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2013-4497

CVE-2013-4497:

6.4

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2013-4497

GHSA ID

GHSA-27q4-38qf-m25h

EPSS Score

0.2749%

CWE

Published

5/17/2022

Updated

5/14/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nova	pip	< 12.0.0a0	12.0.0a0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from missing security group enforcement in two key operational paths: 1) The finish_migration flow (used for resizes and cold migrations) originally omitted firewall driver calls to re-establish security groups after VM reconstruction. 2) The live migration path lacked a dedicated post-migration hook (post_live_migration_at_destination) to apply filters. This is evidenced by the patch adding these exact missing firewall driver interactions in both code paths (commit 01de658 for finish_migration and 5cced7a for live migration), with commit messages explicitly stating they fix security group application gaps.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2013-4497: OpenStack Compute Nova Improper Access Control

CVE-2013-4497:

6.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Technical Details

CVE-2013-4497: OpenStack Compute Nova Improper Access Control

6.4

6.4

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI